Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please help!!

Unread postby gwlee » October 6th, 2005, 10:03 pm

I'm getting winfixer and other adware junk.
TIA,
Glenn


Logfile of HijackThis v1.99.1
Scan saved at 4:35:25 PM, on 10/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Pinnacle\PCTV USB2\Remote\Remoterm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Glenn\My Documents\Download\hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Glenn\Application Data\Mozilla\Profiles\default\1n8qfh5j.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\awtsr.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [PCTVUSB2Remote] C:\Program Files\Pinnacle\PCTV USB2\Remote\Remoterm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O20 - Winlogon Notify: awtsr - C:\WINDOWS\system32\awtsr.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe" "WMP54Gv4.exe (file missing)
gwlee
Regular Member
 
Posts: 19
Joined: October 6th, 2005, 9:53 pm
Advertisement
Register to Remove

Unread postby dobhar » October 6th, 2005, 11:39 pm

Hi...

My name is dobhar and I will be looking over your log. Please give me some time to go look it over and I will post back as soon as possible. If you have any questions please post back as a reply to this Thread\Topic and I will be advised by email so I can return and help you. Do not start another Thread\Topic.

Thank You,
User avatar
dobhar
MRU Honors Grad Emeritus
 
Posts: 961
Joined: March 3rd, 2005, 3:00 am
Location: Winnipeg

Unread postby dobhar » October 7th, 2005, 12:13 am

Hi gwlee...
_____________________________________________________

Please print out or copy these instructions\tutorials to Notepad as the internet will be unavailble to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
_____________________________________________________

Step 1.
==========

We first need to temporarily disable Microsoft Antispyware as it may interfer with our "Fixes"
- Open "Microsoft AntiSpyware"
- Click on "Options" then select "Settings"
- In left-hand window click on "Real-time Protection"
- Under "Startup Options" de-select\uncheck "Enable the Microsoft AntiSpyware Security Agents on startup (recommended)"
- Under "Real-time spyware threat protection" de-select\uncheck "Enable real-time spyware threat protection (recommended)"
- Click "Save button to save your changes
- Close Microsoft AntiSpyware
- Right-click on the "Microsoft AntiSpyware" icon on the taskbar
- Select "Shutdown Microsoft AntiSpyware"
- Click Yes at next window
(Note: After all of the fixes are complete it is very important that you enable Real-time Protection again)

Step 2.
==========

Please download and install CCleaner from here
(Note: DO NOT run this program yet)

Step 3.
==========

Please download VundoFix.exe from here to your desktop.
- Double-click VundoFix.exe to extract the files...This will create a VundoFix folder on your desktop.
- After the files are extracted, please reboot your computer into Safe Mode.

Step 4.
==========

- Reboot computer into "Safe Mode" Using the F8 method:
- As soon as the BIOS is loaded begin tapping the F8 key until the Boot Menu appears
- Use the arrow keys to select the Safe Mode menu item
(Note: For additional help in booting into Safe Mode, see the following site - here

Step 5.
==========

We need to make sure all hidden files are showing...
  • Open "My Computer".
  • Click on "Tools" and from the drop down menu select "Folder Options".
  • Select the "View" tab.
  • Under the "Hidden files and folders" heading SELECT "Show hidden files and folders".
  • UNCHECK the "Hide file extensions for known types option".
  • UNCHECK the "Hide protected operating system files (recommended) option".
  • Click "Yes" to confirm.
  • Click "OK".
Step 6.
==========

** Please make sure MS Antispyware is still disabled **
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning. It should look like this
    VundoFix V2.13 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:
    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.
  • At this point please type the following file path (make sure to enter it exactly as below!):
    C:\WINDOWS\system32\awtsr.dll
    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • Next you will see:
      Please type in the second filepath as instructed by the forum staff
      Then Press Enter, Then F6, Then Enter Again to continue with the fix.
    • At this point please type the following file path (make sure to enter it exactly as below!):
      C:\WINDOWS\system32\rstwa.*
      • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
      • The fix will run then HijackThis will open.
      • In HijackThis, please place a check next to the following items and click FIX CHECKED:

        O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\awtsr.dll
        O20 - Winlogon Notify: awtsr - C:\WINDOWS\system32\awtsr.dll

        • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
        • Pressing any key will cause a "Blue Screen of Death". This is normal, do not worry! At this point if your PC does not reboot then manually reboot your PC.
        • Once your machine reboots please continue with the instructions below.
        Step 7.
        ==========

        We now need to cleanup all the Temp, Temorary Internet Files, Recycle Bin, etc...
        - Start the CCleaner program
        - Get into "Options" => Select "Advanced" => Deselect\uncheck "Only delete files in Windows Temp folders older than 48 hours"
        - We are only going to work with the "Cleaner" section. (Note: Do not use the "Issues" section)
        - click on the Run Cleaner button in the lower right-hand corner
        - After complete close program

        Step 8.
        ==========

        Run Panda's ActiveScan - online virus scan from here and perform a full system scan.
        - Once you are on the Panda site click the "Scan your PC" button
        - A new window will open...click the big "Check Now" button
        - Enter your Country
        - Enter your State/Province
        - Enter your e-mail address and click send
        - Select either Home User or Company
        - Click the big Scan Now button
        - If it wants to install an ActiveX component allow it
        - It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
        - Click on "Local Disks" to start the scan
        - Post Panda scan results in your next reply

        Step 9.
        ==========

        - Post a fresh new HijackTHis log
        - Post the Vundofix.txt log
        - Post the Panda ActiveScan results
        - Don't forget to make sure MS Antispyware is "Active" again
        User avatar
        dobhar
        MRU Honors Grad Emeritus
         
        Posts: 961
        Joined: March 3rd, 2005, 3:00 am
        Location: Winnipeg

        Unread postby gwlee » October 9th, 2005, 7:58 pm

        Thanks for the help!!

        Here's the logs you wanted.

        From Panda scan
        Detected Disinfected
        Virus 0 0
        Spyware 0 0
        Hacking Tools 0 0
        Dialers 0 0
        Security Risks 0 0
        Suspicious files 0 0

        Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
        Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
        Suspending PID 236 'smss.exe'
        Threads [240][244][248]

        Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
        Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
        Killing PID 912 'explorer.exe'
        Killing PID 912 'explorer.exe'

        Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
        Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
        Error, Cannot find a process with an image name of rundll32.exe

        Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
        Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
        Killing PID 308 'winlogon.exe'
        Killing PID 308 'winlogon.exe'
        Killing PID 308 'winlogon.exe'
        File Deleted sucessfully.
        Files Deleted sucessfully.

        Logfile of HijackThis v1.99.1
        Scan saved at 4:55:00 PM, on 10/9/2005
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
        C:\Program Files\Intel\IDU\IDUServ.exe
        C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
        C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
        C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
        C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
        C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
        C:\Program Files\Pinnacle\PCTV USB2\Remote\Remoterm.exe
        C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\Intel\IDU\iptray.exe
        C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
        C:\Program Files\Logitech\SetPoint\KEM.exe
        C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
        C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
        C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
        C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Documents and Settings\Glenn\My Documents\Download\hijackthis\HijackThis.exe

        N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Glenn\Application Data\Mozilla\Profiles\default\1n8qfh5j.slt\prefs.js)
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
        O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
        O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
        O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
        O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
        O4 - HKLM\..\Run: [PCTVUSB2Remote] C:\Program Files\Pinnacle\PCTV USB2\Remote\Remoterm.exe
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
        O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
        O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
        O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
        O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O4 - Global Startup: Pinnacle Scheduler.lnk = ?
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
        O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
        O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
        O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe" "WMP54Gv4.exe (file missing)
        gwlee
        Regular Member
         
        Posts: 19
        Joined: October 6th, 2005, 9:53 pm

        Unread postby dobhar » October 10th, 2005, 6:13 pm

        Hi gwlee...

        Sorry for the delay...Canadian Thanksgiving...Turkey day... :)
        ___________________________________

        Congrats... :D Your log points to you being clean so I'm adding my standard {All Clean} speech to the end of this post.

        The last thing I need you to do is to reset your "Hidden files and folders". System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion...
        - Open "My Computer".
        - Click on "Tools" and from the drop down menu select "Folder Options".
        - Select the "View" tab.
        - Under the Hidden files and folders heading UNSELECT "Show Hidden files and folders".
        - CHECK the "Hide protected operating system files (recommended) option".
        - Click "Yes" to confirm.
        - Click "OK".
        ___________________________

        Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
        1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and reenable system restore here:

          Managing Windows Millenium System Restore or Windows XP System Restore Guide

          Renable system restore with instructions from tutorial above
        2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
          1. From within Internet Explorer click on the Tools menu and then click on Options.
          2. Click once on the Security tab
          3. Click once on the Internet icon so it becomes highlighted.
          4. Click once on the Custom Level button.
            1. Change the Download signed ActiveX controls to Prompt
            2. Change the Download unsigned ActiveX controls to Disable
            3. Change the Initialize and script ActiveX controls not marked as safe to Disable
            4. Change the Installation of desktop items to Prompt
            5. Change the Launching programs and files in an IFRAME to Prompt
            6. Change the Navigate sub-frames across different domains to Prompt
            7. When all these settings have been made, click on the OK button.
            8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
          5. Next press the Apply button and then the OK to exit the Internet Properties page.

        3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs:
          Virus, Spyware, and Malware Protection and Removal Resources
        4. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
        5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below:
          Understanding and Using Firewalls
        6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
        7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here:
          Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
        8. Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
          Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
        9. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here:
          Using SpywareBlaster to protect your computer from Spyware and Malware
        10. Install IE-SPYAD - IE-SPYAD adds a list of sites and domains associated with advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. A tutorial on installing & using IE-SPYAD can be found here:
          Using IE-Spyad to enhance your privacy and security
        11. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
        Follow this list and your potential for being infected again will reduce dramatically.

        Glad I was able to help.

        Thanks and Sarf Surfing... :D
        User avatar
        dobhar
        MRU Honors Grad Emeritus
         
        Posts: 961
        Joined: March 3rd, 2005, 3:00 am
        Location: Winnipeg

        Unread postby gwlee » October 11th, 2005, 1:15 am

        Once again thanks!!
        Glenn
        gwlee
        Regular Member
         
        Posts: 19
        Joined: October 6th, 2005, 9:53 pm

        Unread postby NonSuch » October 19th, 2005, 2:34 pm

        Glad we could be of assistance.

        This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

        You can help support this site from this link :
        Donations For Malware Removal

        Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
        User avatar
        NonSuch
        Administrator
        Administrator
         
        Posts: 28747
        Joined: February 23rd, 2005, 7:08 am
        Location: California
        Advertisement
        Register to Remove


        Return to Infected? Virus, malware, adware, ransomware, oh my!



        Who is online

        Users browsing this forum: No registered users and 292 guests

        Contact us:

        Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

        Member site: UNITE Against Malware